Create qcomicbook.profile

author: pirate486743186 <okgomdjgbmoij@gmail.com> 2021-06-06 12:26:21 +0200
committer: GitHub <noreply@github.com> 2021-06-06 12:26:21 +0200
commit: 0e588b7e6a4964c282ee6218bcc191fc1f25eeba (patch)
tree: f33812e15348df6fff07afeb4e6d4c532c3a7718
parent: fix tuxguitar (diff)
download: firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.tar.gz
firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.tar.zst
firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.zip
1 files changed, 68 insertions, 0 deletions
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
new file mode 100644
index 000000000..0e52d7fc4
--- /dev/null
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -0,0 +1,68 @@
+# Firejail profile for qcomicbook
+# Description: A comic book and manga viewer in QT
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qcomicbook.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/PawelStolowski
+noblacklist ${HOME}/.config/PawelStolowski
+noblacklist ${HOME}/.local/share/PawelStolowski
+noblacklist ${DOCUMENTS}
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/PawelStolowski
+mkdir ${HOME}/.config/PawelStolowski
+mkdir ${HOME}/.local/share/PawelStolowski
+whitelist /usr/share/qcomicbook
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip
+private-cache
+private-dev
+private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
+read-write ${HOME}/.cache/PawelStolowski
+read-write ${HOME}/.config/PawelStolowski
+read-write ${HOME}/.local/share/PawelStolowski
+#to allow ${HOME}/.local/share/recently-used.xbel
+read-write ${HOME}/.local/share
author	pirate486743186 <okgomdjgbmoij@gmail.com>	2021-06-06 12:26:21 +0200
committer	GitHub <noreply@github.com>	2021-06-06 12:26:21 +0200
commit	0e588b7e6a4964c282ee6218bcc191fc1f25eeba (patch)
tree	f33812e15348df6fff07afeb4e6d4c532c3a7718
parent	fix tuxguitar (diff)
download	firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.tar.gz firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.tar.zst firejail-0e588b7e6a4964c282ee6218bcc191fc1f25eeba.zip

diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile new file mode 100644 index 000000000..0e52d7fc4 --- /dev/null +++ b/etc/profile-m-z/qcomicbook.profile
@@ -0,0 +1,68 @@
	1	# Firejail profile for qcomicbook
	2	# Description: A comic book and manga viewer in QT
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include qcomicbook.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/PawelStolowski
	10	noblacklist ${HOME}/.config/PawelStolowski
	11	noblacklist ${HOME}/.local/share/PawelStolowski
	12	noblacklist ${DOCUMENTS}
	13
	14	# Allow /bin/sh (blacklisted by disable-shell.inc)
	15	include allow-bin-sh.inc
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-exec.inc
	20	include disable-interpreters.inc
	21	include disable-passwdmgr.inc
	22	include disable-programs.inc
	23	include disable-shell.inc
	24	include disable-write-mnt.inc
	25	include disable-xdg.inc
	26
	27	mkdir ${HOME}/.cache/PawelStolowski
	28	mkdir ${HOME}/.config/PawelStolowski
	29	mkdir ${HOME}/.local/share/PawelStolowski
	30	whitelist /usr/share/qcomicbook
	31	include whitelist-runuser-common.inc
	32	include whitelist-usr-share-common.inc
	33	include whitelist-var-common.inc
	34
	35	apparmor
	36	caps.drop all
	37	machine-id
	38	net none
	39	nodvd
	40	nogroups
	41	noinput
	42	nonewprivs
	43	noroot
	44	nosound
	45	notv
	46	nou2f
	47	novideo
	48	protocol unix
	49	seccomp
	50	seccomp.block-secondary
	51	shell none
	52	tracelog
	53
	54	private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip
	55	private-cache
	56	private-dev
	57	private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg
	58	private-tmp
	59
	60	dbus-user none
	61	dbus-system none
	62
	63	read-only ${HOME}
	64	read-write ${HOME}/.cache/PawelStolowski
	65	read-write ${HOME}/.config/PawelStolowski
	66	read-write ${HOME}/.local/share/PawelStolowski
	67	#to allow ${HOME}/.local/share/recently-used.xbel
	68	read-write ${HOME}/.local/share